CIFST PRIVACY POLICY

PURPOSE

To provide a clear statement of how CIFST manages member information and protects members’ privacy.

Definitions

Personal Information

Information about an identifiable individual, but does not include the name, position title, business address or telephone number of an employee of an organization. (Part 1, section 2 of the Personal Information Protection and Electronic Documents Act).

Member Information

Information pertaining to an identifiable individual who is an applicant for or is a current or past member of CIFST.

Mandatory Information

Member information that must be collected in order for the basic services of CIFST to be administered and provided to the individual, including:

• Name (First and Last) • Mailing Address • Methods of Payment • Credit Card Account Number when this method of payment is selected

Voluntary InformationMember information that is collected to facilitate the provision of current services and the development of additional services on behalf of the organization. This includes, but is not limited to:

• Position Title • Organization • Telephone Number • Facsimile Number • E-mail Address • Occupation • Professional Designation • Years of Experience • Education • Other Organizations to which a member belongs • Home addresses, home telephone/facsimile numbers or home e-mail accounts, when members specifically request home correspondence.

Personnel

Individuals retained by CIFST to provide services to the Board, Committees and members of the organization.

THE POLICY

Privacy Principles

CIFST follows the principles of privacy in all relationships with its members, its clients and their data. CIFST’s Privacy Policy conforms to the principles outlined in the Personal Information Protection and Electronic Documents Act.

General Privacy Statement

CIFST uses member information only for the purposes stated at the time of collection and neither uses it for any other purpose nor discloses the information to any other organization except where the member has consented to the alternate use or disclosure.

Tenets of CIFST Privacy

CIFST adheres to the following privacy principles:

• CIFST collects data for specifically identified purposes and does not use data collected for one purpose for any other. CIFST will obtain members’ consent if data is used for other purposes • CIFST maintains data on members and clients in strict confidence and shares those data only for stated purposes • No more than the minimum amount of personal information will be collected in the course of providing any service • Members have the right to abstain from providing certain information recognizing that in that case, the purpose may then not be fulfilled or the organization may not be able to provide some services to the Member • Members have the right to access their own information. (Procedures for accessing information can be found in the Related Procedures section)

Sources of Collection

CIFST collects member information through membership applications and renewals, conference or seminar registrations, or orders of member services and products.

Method of Collection

Member information may be collected via direct telephone contact, through the Internet or on a prescribed form provided by the organization.

CIFST Website

CIFST tracks visitors to their public Website for statistical purposes. The site captures limited information about visits. No personally identifiable information is collected, only aggregate data - such as the number of hits per page.

For members only Web pages accessible by authorized members, names of the members, e-mail addresses and passwords are captured to authenticate levels of access and track the number of times members have visited the site. CIFST is not responsible for the content or privacy practices of any linked site.

Data uses

CIFST uses information submitted from members, conference registrants, and other customers in the following ways:

• To improve its own Web content; to respond to members’ and visitors' interests, needs and preferences; • to develop new products and services; and • to provide individuals and their companies with information about complimentary CIFST services, promotions or special offers.

For routine system maintenance and security administration, such as tracking of authorized access, aggregate data collected from the Web site are only used for internal and marketing purposes and do not provide any personally identifying information. Aggregate data are used only to analyze general traffic patterns (e.g. what pages are most/least popular) and to perform routine system maintenance.

Data sharing

CIFST Member data is never disclosed beyond the organization without the consent of the Member and it is shared internally only when it is required as a part of the performance of the duties of the individual seeking access.

CIFST does not make members’ contact information available through the CIFST Membership Directory to third parties or visitors to its Internet site but does make it available, with consent, to other members of CIFST.

CIFST may elect to send mailings from other organizations to its members, with the approval of the Executive Committee of CIFST, but the mailings will always originate with CIFST.CIFST may elect to send mailings through a third party that is specifically contracted to a deliver and/or promote a CIFST-authorized member service.

If a member chooses to contact CIFST by mail, fax, telephone or e-mail, and provides personally identifiable information, CIFST does not use the information for any purpose other than to respond to the member inquiries.

CIFST does not disclose credit card account information provided by its members and customers, except to the appropriate banking institutions and/or clearinghouses in order to obtain debit authorization and payment.

Compliance

CIFST is committed to ensuring its privacy policy is understood and respected by all of its personnel. CIFST has taken the following steps to ensure compliance:

• All data collected by CIFST is stored in a secured manner • Only authorized personnel of CIFST have access to membership information • Access to CIFST network resources is limited to CIFST personnel• Access to data collected from visitors to its Website is granted on an as-needed basis and is limited to CIFST management staff • CIFST personnel receive appropriate training in protection of personal information.

Concerns or Complaints

Individuals have the right to review their personal information to ensure its accuracy and to confirm CIFST’s compliance with this policy. Anyone with concerns regarding the treatment of their member data or personal information or who wish to review their data should contact CIFST at 905-271-8338.

RELATED PROCEDURES

Authentication

Members contacting the CIFST Office to seek the provision of services or to amend or seek access to their data will be asked for information designed to authenticate that they are the individual to whom the information belongs. This authentication process will include asking for their CIFST Member number and two additional pieces of information from their recorded information.

Communication

CIFST will advise all members of its Privacy Policy On the Website in the form of a Website Privacy Statement.

CIFST thanks COACH: Canada's Health Informatics Association for providing their Privacy Policy template to assist in the development of this policy.